The 7 Phase Vulnerability Assessment Framework:
## Table of Contents
- 01 | [Engagement Planning](Engagement%20Planning/README.md)
- 02 | [Threat Modeling](Threat%20Modeling/README.md)
- 03 | [Discovery](Discovery/README.md)
- 04 | [Vulnerability Scanning](Vulnerability%20Scanning/README.md)
- 05 | [Validation](Validation/README.md)
- 06 | [Remediation](Remediation/README.md)
- 07 | [Reporting](Reporting/README.md)
## Framework Goals & Objectives

Products: Threat Assessment, Target Matrix, Vulnerability Report, Vulnerability Assessment, Remediation Plan, Vulnerability Assessment Report, Continuous Vulnerability Assessment & Remediation Plan

- 01 | Engagement Planning
  - Goal: Identify quick wins (make your job easier, net maps, etc.) // Build tight scope // Focus in on the value proposition // Don’t break the law
  - Tasks:
- 02 | Threat Modeling
  - Goal: Target intel to identify threats and start the risk equation; ensure effort yields maximum impact. Develop Threat Assessment.
  - Tasks: Gather OSINT // Gather threat data // Assess industry-specific threats // Assess threats affecting organizational critical information // Assess threats affecting organizational critical business processes
- 03 | Discovery
  - Goal: Find all the things. Develop Target Matrix.
  - Tasks: Recon & enumeration
- 04 | Vulnerability Scanning
  - Goal: Identify all services, configurations, and patches/hotfixes, and correlate them to potential vulnerabilities. Develop Vulnerability Report.
  - Tasks: Baselining, tuning, compliance, port scanning, baseline comparison, service-specific vulnerability scanning (network vuln scanning), host-by-host vulnerability scanning (auth scans/PowerShell/etc.)
- 05 | Validation
  - Goal: Validate identified vulnerabilities for accuracy, relate to threat assessment, calculate organizational risk, and triage. Develop Vulnerability Assessment. Develop Remediation Plan.
  - Tasks: Validate, relate to threat, calculate organizational risk, triage
- 06 | Remediation
  - Goal: Clear environment of prioritized vulnerabilities. Develop Target Matrix v2 (to assess vulnerabilities and ascertain positive mitigation status).
  - Tasks: Clear environment of prioritized vulnerabilities
- 07 | Reporting
  - Goal: Report to management, facilitate organizational understanding of cybersecurity risk. Develop Vulnerability Assessment Report. Develop Continuous Vulnerability Assessment & Remediation Plan.
  - Tasks: Compile and deliver report
## Vulnerability Lifecycle

Discovery <-> Scanning -> Validation -> Remediation (diagram)